One-Month Sprint: Phantom Community Playbook Challenge

threat-hunting-sample-onboarding-playbook

DEADLINE: Friday March 17, 2017

The Phantom Community Playbook Challenge

It’s time again to kick off the next Phantom Community challenge.  For this round, we are changing things up.  This challenge has been shortened to a one-month sprint, starting today and ending on March 17.  Additionally this challenge is centered around playbook submissions only. This should be an easy challenge for all of you! Take the playbooks you are already using, submit them, and give yourself a chance to win some cash. For this round we will be offering a $1,000 prize to the winner(s).  Community contributors who make a submission also get a shot at making it into our Phantom Community Hall of Fame.

With RSA Conference taking place next week in San Francisco, plenty of Phantom subject matter experts will be accessible.  Feel free to stop by our booth to collaborate with someone from our team.  We will be in booth #2523 in the south expo hall.  There will be a live demo showcased at the booth that we will happily put on pause to break out into the visual playbook editor and help you develop a playbook.

Both individual & team entries are accepted, and multiple entries are allowed.  The contest scoring criteria is as follows:

Phantom Playbook (70% of score)

  • Serves a practical / real-world impact – an automation scenario that saves time and money
  • Uses a variety of Phantom Action categories (e.g. investigative, containment, etc.) and integrates with multiple third-party technologies
  • Completes IR Process from Initial Trigger to Resolution of Alert (e.g. alerts are closed)
  • Follows suggested guidelines for efficiency (e.g. sequential vs parallel actions, debug statements, logging, etc.)

Other (30% of score)

  • Presentation of the finished product / submission (e.g. video demos, blog posts, etc.)
  • Support and guidance required throughout the contest

General Prerequisites, Permissions and License

  • Playbooks must execute without errors.
  • Playbooks must successfully load into the visual playbook editor – Modifications to the underlying Python code are acceptable as long as the playbook submission can still be modified using the visual editor’s tools.
  • Phantom intends on publishing submissions to the community playbooks page (https://my.phantom.us/2.0/playbooks/).  Please be sure that your playbooks do not contain sensitive information.  Please see the Contest Terms and Conditions below for more information.

The Phantom Community approach has has paid off in its first year.  We are very proud of our growing community, their collaboration, and their contributions.  The user experience and support in our community gets better with each person who joins.  These contests are a great way to continue that growth, as well as get recognition within the community. Please feel free to join our Slack community channel to collaborate live with other community users and Phantom team members.  We highly encourage your participation and many thanks to all who are already contributing!

Contact us on Slack or at contest@phantom.us with any questions.  We’re here to help and happy to offer tips on building playbooks with the Phantom platform.

Contest Award

Winners will be announced at the sole discretion of the judges based on the criteria outlined.  A single prize of $1,000 will be paid to the winning individual or team; more prizes may be awarded by Phantom in its sole discretion.

Contest Judges

Entries will be judged by leaders in security from the media and practice.  We will announce them during the contest.

Contest Terms and Conditions

All judging, eligibility, and award decisions are final, not subject to review and at the sole discretion of the judges and Phantom. Contestants acknowledge that Phantom reserves the right to (i) fund or award all, some, or none of the responses received (if none meet prerequisites), and (ii) determine all award recipients.  The award determination will be made by Phantom with the guidance and recommendations of the judges convened for this purpose, to ensure relevant expertise and diversity of perspectives.  Winners will be identified by Phantom at the conclusion of this promotion on the community page (my.phantom.us). This offer is open to residents of the United States and other jurisdictions where it is not restricted or prohibited.  Void where prohibited by law.  No purchase is necessary.  Submissions made after the stated deadline above will be eligible for consideration only if received and accepted by Phantom in its sole good faith discretion prior to the final determination and announcement of award winners.

By submitting Playbooks to Phantom you (i) grant Phantom a non-exclusive, perpetual, royalty-free, world-wide right and license to use, host, reproduce, modify, publicly perform, publicly display, and distribute such submissions in any form and on any media including without limitation to publish the playbook on the community page (my.phantom.us), and (ii) you represent and warrant that you are over 18 and have the right and authority to grant this license and further that you will remove or redact any confidential or proprietary information of any third parties. Phantom agrees it will not remove your name or attribution from submissions as you submit them, and you agree that Phantom may use your name and likeness in any marketing or promotion of submissions.

Rob Truesdell
Director, Product Management
Phantom